Systems Security & Network Access & Management Policy

5.5.1 Restrictions Imposed by the Regulation of Investigatory Powers Act 2000

The Regulation of Investigatory Powers Act (RIPA) 2000 defines how and when private electronic communications can be intercepted.

It is unlawful to intentionally intercept communications on a public or private telecommunications system unless it is reasonably believed that both parties to the communication consented to the interception, or under:

• Warrant (occasionally without warrant);
• regulations issued by the Secretary of State.

If you monitor or record any business communications (including phone calls, e-mails and Internet usage) you must ensure:

• Employees 'privacy and autonomy' is respected;
• 'proportionality' of the monitoring/recording relative to the needs of the University's purpose to be achieved;
• all monitoring/recording is for legitimate business purposes only.

If there is no element of consent, communications can be intercepted where a warrant has been served on the following grounds:

• The conduct authorised by the warrant is proportional to what is sought to be achieved (the ends justify the means);
• It is in the interests of national security;
• for safeguarding the economic well being of the UK;
• for the purpose of detecting or preventing a crime;
• pursuant to an International Mutual Agreement.

A warrant can only be issued by an authorised person - The Secretary of State, the Director General of the Security Services, the Chief of the Secret Intelligence Service, the Commissioner of Police and the Commissioner of Customs and Excise. All requests for assistance by law enforcement agencies or Investigatory bodies, including served warrants are to be dealt with in accordance with 4.3.

The requirements of RIPA concerning encrypted data traffic can be found in the Cryptographic Control Policy.

5.5.2 Restrictions Imposed by the Human Rights Act 1998

The Human Rights Act Article 8 ('Right to respect for private and family life') states that everyone has the right to respect for his private and family life, his home and his correspondence.

There shall be no interference by a public authority with the exercise of the right except such as in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

In other words, secret interception is an unjustifiable interference of privacy and correspondence. The term 'correspondence' could refer to personal telephone calls and e-mail at work. This article could legally be interpreted in respect to the Human Rights Act to include the interception of an employee's personal e-mail at work.